JP2011501321A - Progressive boot for wireless devices - Google Patents

Abstract

Techniques for performing progressive boot to reduce perceptual boot time for wireless devices are described. The program code stored in the bulk nonvolatile memory can be divided into multiple code images. The first code image may include program code used to support basic functionality of the wireless device. The second code image can include the remaining program code. For progressive boot, the first code image can be initially loaded from bulk non-volatile memory. Once the first code image is loaded, the wireless device can be enabled and appear to be functional to the user. While the wireless device is operational, the second code image can be loaded from bulk non-volatile memory as a background task and / or on demand, if necessary.

Description

background

I. FIELD The present disclosure relates generally to electronics, and more specifically to techniques for booting a wireless device at power up.

II. Background Wireless devices (eg, mobile phones) typically operate based on program codes that control the hardware in the wireless device and support various designed functions. Program code is stored in bulk non-volatile memory and can be loaded into faster volatile memory at power up. A bulk nonvolatile memory can economically store a large amount of data, but may be a NAND-type FLASH that can be accessed only one page at a time. A page is the smallest unit of data that can be retrieved from a NAND FLASH and may be 4 kilobytes (KB) or some other size. The faster volatile memory may be a synchronous dynamic random access memory (SDRAM) that can support random access. The memory can be selected to provide the desired storage capacity and access capabilities and to be as economical as possible.

  All of the program code can be loaded from bulk non-volatile memory into faster volatile memory when it is powered up to the wireless device. Once all of the program code has been loaded, the wireless device can be enabled, accepting user input and performing user-selected functions. The amount of program code loaded at power up may be large and the boot time may be relatively long. Thus, the user may need to wait for an extended period of time before the wireless device is operational.

  In one aspect, an apparatus (apparatus) includes a processor configured to program first and second code images in a memory device used for a wireless device, wherein the first code image is The second code image is loaded from the memory device to boot the wireless device and enable the wireless device, and the second code image is operable while the wireless device is operable to further boot the wireless device. It is loaded from a memory device.

  In another aspect, the method includes programming a first code image into a memory device used for the wireless device, wherein the first code image is capable of booting the wireless device and operating the wireless device. To be loaded from the memory device. The method further includes programming a second code image into the memory device, wherein the second code image is operable while the wireless device is operable to further boot the wireless device. It is loaded from a memory device.

  In another aspect, an apparatus has means for programming a first code image into a memory device used for the wireless device, and yet the first code image boots the wireless device and enables the wireless device. Means for programming a second code image to the memory device, and still the second code image is operable by the wireless device to further boot the wireless device. In between, loaded from a memory device.

  In another aspect, an apparatus can operate a wireless device after loading a first code image with a memory controller configured to load the first code image from external memory to boot the wireless device A memory controller, wherein the memory controller receives the second code image from external memory while the wireless device is operable to further boot the wireless device. It is further configured to load.

  In another aspect, a method loads a first code image from external memory to boot a wireless device, enables the wireless device after loading the first code image, and Loading a second code image from external memory while the wireless device is operable to further boot the wireless device.

  In another aspect, an apparatus provides means for loading a first code image from external memory to boot a wireless device and enabling the wireless device after loading the first code image. And means for loading a second code image from external memory while the wireless device is operable to further boot the wireless device.

  In another aspect, a computer program product includes code for causing a computer to load a first code image from external memory to boot a wireless device, and after loading the first code image. Code for enabling the computer to operate the wireless device and code for causing the computer to load the second code image from external memory while the wireless device is operable to further boot the wireless device And a computer-readable medium.

  In another aspect, the apparatus retrieves a plurality of pages of a code image from external memory, wherein the plurality of pages are associated with separate security information. A memory controller configured to authenticate each page retrieved from external memory based on security information about the page;

  In another aspect, the method retrieves multiple pages of the code image from external memory, wherein the multiple pages are associated with separate security information; based on the security information for the page, Authenticating each page retrieved from external memory.

  In another aspect, the apparatus includes means for retrieving a plurality of pages of the code image from external memory, wherein the plurality of pages are associated with separate security information; based on the security information for the page And means for authenticating each page retrieved from the external memory.

FIG. 1 shows a block diagram of a wireless communication device. FIG. 2 shows programming of non-paged and paged segments of NAND flash. FIG. 3 shows a second code image and a hash digest table. FIG. 4 shows loading and authentication of the first and second code images. FIG. 5 shows the modules in the first code image. FIG. 6 shows an SDRAM in a wireless device. FIG. 7 shows a 2-level structure used to track the load status of the page of the second code image. FIG. 8 shows a process for programming a memory device. FIG. 9 illustrates a process for progressively booting a wireless device upon power up. FIG. 10 shows a process for authenticating the second code image. FIG. 11 shows a programming station.

Detailed description

  The boot techniques described herein can be used for various electronic devices such as, for example, wireless communication devices, handheld devices, gaming devices, computing devices, customer electronics devices, computers, etc. . For clarity, techniques are described below for wireless communication devices having memories such as NAND flash memory and SDRAM.

  FIG. 1 shows a block diagram of a wireless communication device 100 in accordance with an aspect of the invention, which includes a cellular phone, a personal digital assistant (PDA), a handset, a handheld device. , A wireless module, a terminal, a modem, and the like. The wireless device 100 may provide bi-directional communication with one or more wireless communication systems via a transmission path and a reception path. On the transmission path, the digital section 120 may provide data that is to be transmitted by the wireless device 100. A transmitter (TMTR) 114 may process the data to generate a radio frequency (RF) output signal, which may be transmitted via antenna 112 to the base station. it can. On the receive path, signals transmitted by the base station can be received by antenna 112 and provided to receiver (RCVR) 116. The receiver 116 may condition, digitize the received signal, and provide samples to the digital section 120 for further processing.

  The digital section 120 can include various processing units, interface units, and memory units that support digital processing for the wireless device 100. In the design shown in FIG. 1, the digital section 120 includes a modem processor 122, a central processing unit (CPU) / reduced instruction set computer (RISC) 124, a main controller 130, static RAM (SRAM). 132, read only memory (ROM) 134, NAND flash controller 140, and SDRAM controller 142, all of which can communicate with each other via one or more buses 160. The modem processor 122 can perform processing for data transmission and reception, such as encoding, modulation, demodulation, decoding, and the like. The CPU / RISC 124 may perform general purpose processing for the wireless device 100, such as processing for audio, video, graphics, and / or other applications. The main controller 130 can direct the operation of various units within the digital section 120. The SRAM 132 can store program codes and data used by the controller and processor in the digital section 120. The ROM 134 can store a boot code 136 and a root public key 138. The boot code 136 can perform an initial part of power-up boot and load program code from the NAND flash 150 when the wireless device 100 is powered up. Can start. The root public key 138 can be used for security functions, for example, to authenticate program code loaded from the NAND flash 150.

  The NAND flash controller 140 can facilitate the transfer of data between the NAND flash 150 and the digital section 120. The SDRAM controller 142 can facilitate the transfer of data between the SDRAM 152 and the digital section 120. The main controller 130 can direct the operation of the NAND flash controller 140 and / or the SDRAM controller 142. For example, the main controller 130 can instruct loading of program code from the NAND flash 150 to the SDRAM 152 during boot-up, for example when the wireless device 100 is powered on.

  NAND flash 150 and SDRAM 152 can provide mass storage for processing units in digital section 120. The NAND flash 150 can provide non-volatile storage for program code and data used by the digital section 120. The NAND flash 150 can also be replaced with other types of non-volatile memory, such as NOR flash. The SDRAM 152 can provide the storage with a random access function for program codes and data used by the digital section 120. The SDRAM 152 can also be replaced with other types of volatile memory, such as SRAM, DRAM, and the like.

  In general, the digital section 120 may include any number of processing units, interface units, and memory units. The digital section 120 can also be implemented with one or more digital signal processors (DSPs), microprocessors, RISC processors, etc. The digital section 120 can be assembled on one or more application specific integrated circuits (ASICs) and / or certain other types of integrated circuits (ICs).

  As shown in FIG. 1, the wireless device 100 can utilize a memory architecture with different types of memory. The SDRAM 152 is a volatile memory that loses its data once the power is removed. The SDRAM 152 can be accessed in a random manner and is commonly used as a main runtime memory. NAND flash 150 is a non-volatile memory that can retain its data even after power is removed. NAND flash 150 has large storage capacity, good speed for continued memory access, and low cost. However, NAND flash 150 has poor performance for random memory access and is typically accessed one page at a time, one page at a time, on a page-by-page basis. Is a specific size (eg, 4 KB).

  The memory architecture of FIG. 1 incorporates both NAND flash 150 and SDRAM 152, and can provide random access to large storage capacity at a reduced cost. For this memory architecture, the program code can be stored permanently in the NAND flash 150. In addition to supporting various designed functions and features, the program code can control the hardware within the wireless device 100. At power up, the wireless device 100 may perform a boot that may require transfer of program code from the NAND flash 150 to the SDRAM 152. The NAND flash 150 can store a large amount of program code. Therefore, the amount of time to load all program code from NAND flash 150 to SDRAM 152 at power up may be relatively long.

  In one aspect, program code to be stored in the NAND flash 150 can be divided into multiple code images that can be stored in different segments of the NAND flash 150. A segment can also be referred to as a partition, section, etc. In one design, the program code may be divided into a first code image and a second code image. The first code image contains program code used to support the basic functionality of the wireless device 100 and is stored in a non-paged segment of the NAND flash 150. Can be done. The second code image can include the remaining program code and can be stored in a paged segment of the NAND flash 150. For progressive boot on power up, the first code image can be initially loaded into the SDRAM 152 from an unpaged segment of the NAND flash 150. Once the first code image is loaded, the wireless device 100 can be enabled and can appear as functional to a user. While the wireless device 100 is operational, the second code image is loaded from the paged segment of the NAND flash 150 to the SDRAM 152, eg, as a background task and / or on demand if necessary. Can do. Progressive boot can reduce the amount of time to enable wireless device 100 at power-up, which can improve the user experience and provide other benefits.

  Program code stored in the NAND flash 150 may be code, factory test code, and / or other types of code that controls the operation of the wireless device 100, i.e., high-tier applications that support various designed features and functions. , Can be included. Ensuring that program code stored in NAND flash 150 is authorized for use, enabling execution of authenticated program code, and preventing execution of unauthorized program code That is desirable or necessary. In addition, it is desirable to provide security in an efficient manner for multiple code images used for progressive boot.

  In another aspect, security can be efficiently provided for progressive boot by performing authentication for the entire first code image and also for each page of the second code image. it can. The first code image can be initially loaded in its entirety from the NAND flash 150 at power up and can be authenticated when loaded. The second code image can be divided into pages and loaded one page at a time from the NAND flash 150. The pages of the second code image can be loaded in different orders depending on the memory access. Each page of the second code image can be individually authenticated to allow the page to be loaded and used without consideration for other pages of the second code image.

  FIG. 2 shows a NAND flash 150 design, which includes an unpaged segment 210 and a paged segment 220 in accordance with an aspect of the present invention. In this design, unpaged segment 210 stores first code image 212, hash digest table 214, certificate 216, and digital signature 218. The certificate 216 can include cryptographic information used to authenticate the unpaged segment 210 and the paged segment 220. A digital signature 218 is generated for both the first code image 212 and the hash table 214 and can be used to authenticate these two parts. The first code image 212 includes program code and / or data to be loaded from the NAND flash 150 before enabling the wireless device 100, such as code for a driver, user interface (UI), modem, etc. be able to. The table 214 may include a cryptographic hash digest for each page of the second code image 222. Second code image 222 may include program code and / or data to be loaded from NAND flash 150 after enabling wireless device 100, eg, code for higher layer applications. In general, a code image can include program code, data, and the like.

  FIG. 2 also shows a design of process 200 to program non-paged segment 210 and paged segment 220 of NAND flash 150. Process 200 may be performed during manufacturing of NAND flash 150, provisioning of wireless device 100, and so on. The design of FIG. 2 uses two sets of cryptographic keys: (1) a set of private and public keys that sign and authenticate the unpaged segment 210, and they are private x and public key x (2) A set of private and public keys that authenticate the source entity, and they are called root private key r and root public key r. The root private key r and private key x are secrets and are known only to source entities such as source code vendors, manufacturers, and the like. The root public key r is made available to the wireless device 100 and is used to verify the digital signature generated with the root private key r. The public key x is used to verify the digital signature generated with the private key x and can be sent with the certificate 216.

  The sign function 232 can generate a digital signature for the public key x and possibly other information using the root private key r. This digital signature can be referred to as signature cx and can be used to authenticate the source entity. Sine function 232 may implement an RSA (Rivest, Shamir, and Adleman) algorithm, a Digital Signature Algorithm (DSA), or some other cryptographic (digital signature or encryption) algorithm. The certificate generator 234 includes the signature cx, the public key x, and possibly other information such as the identifier of the source entity, the cryptographic algorithm selected for use, the expiration date of the certificate, etc. A certificate can be formed. This certificate is X. It can be stored in NAND flash 150 as a 509 certificate or in some other format known in the art. The root public key r can be made available to the wireless device 100 in any way and can be securely stored in the ROM 134 in the wireless device 100 of FIG.

  In the design shown in FIG. 2, the second code image 222 can be processed and stored first, and the first code image 212 can then be processed and stored. A page splitting unit 252 can receive the second code image 222 and split it into pages of a specific size (eg, 4 KB), and for the secure hash function 254 and also to the NAND flash 150. In contrast, one page can be provided at a time. Function 254 is a secure hash algorithm that can hash each page from unit 252 and provide a hash digest for that page. Function 254 is SHA-1 (secure hash algorithm), SHA-2 (which includes SHA-224, SHA-256, SHA-384 and SHA-512), MD-4 (message digest), MD-5, or Several other secure hash algorithms known in the art can be implemented. Since the secure hash algorithm has cryptographic properties, the function between the input message and its digest (pseudo-random bit string) is irreversible, allowing two input messages mapping to the same digest Sex is very small. The secure hash algorithm can accept input messages of any length and can provide a fixed length hash digest. The table generator 256 can generate a hash digest table for all pages of the second code image 222, and can store this table as the hash digest table 214 in the NAND flash 150.

  The first code image 212 is provided to a multiplexer (Mux) 242 and can further be stored in the NAND flash 150. The multiplexer 242 can also receive the hash digest table 214 from the generator 256 and can provide the first code image 212 and the hash digest table 214 sequentially to the secure hash function 244. The function 244 can hash both the first code image 212 and the hash digest table 214 with a secure hash algorithm and can provide a hash digest that can be referred to as digest x. Function 244 may implement SHA-1, SHA-2, MD-5, or some other secure hash algorithm. Sine function 246 can generate a digital signature over digest x using private key x. This digital signature can be stored as a digital signature 218 in the NAND flash 150. Sine function 246 may implement RSA, DSA, or some other cryptographic algorithm. Sine functions 232 and 246 can implement the same or different cryptographic algorithms.

  FIG. 3 shows the design of the second code image 222 and the hash digest table 214 in the NAND flash 150. In this design, the second code image 222 can be divided into N pages 0 to N−1, where N can be any integer value. Each code page can be hashed with a secure hash algorithm (Hash) to generate a corresponding hash digest. The hash digest table 214 can store N hash digests for N code pages.

  FIG. 4 shows a design of a process 400 for loading and authenticating unpaged segment 210 and paged segment 220 of NAND flash 150 in accordance with aspects of the present invention. Process 400 may be performed, such as when wireless device 100 is powered up. The verify function 432 can receive the certificate 216 from the NAND flash 150 in the wireless device 100 of FIG. 1 and the root public key r from the ROM 134. The verify function 432 extracts the signature cx and the public key x from the certificate 216, verifies the signature cx with the root public key r, and provides the public key x if the signature cx is verified. Any tampering of the certificate x by a third party can be easily detected by the unverified signature cx.

  The multiplexer 442 can receive the first code image 212 and the hash digest table 214 and can sequentially provide both portions to the secure hash function 444. Function 444 may hash both the first code image 212 and the hash digest table 214 and provide a hash digest that may be referred to as digest x '. Function 444 may implement the same secure hash algorithm used by secure hash function 244 of FIG. The verify function 446 can receive the digest x ′ from the secure hash function 444, the digital signature x from the NAND flash 150, and the public key x from the verify function 432. The verify function 446 can verify the digital signature 218 with the public key x and the digest x 'and can indicate whether the digital signature 218 is verified. The public key x is authenticated with the root public key r. Accordingly, any alteration of the digital signature 218, the first code image 212, and / or the hash digest table 214 by a third party can be easily detected by the unverified digital signature 218.

  If the digital signature 218 is verified, the first code image 212 can be provided for use, and the hash digest table 214 can be stored in the table 456. Once the first code image 212 is loaded from the NAND flash 150 to the SDRAM 152, the wireless device 100 can be enabled. If the digital signature 218 is not verified, the loading process is aborted and an error message can be provided.

  After enabling the wireless device 100, the second code image 222 can be loaded from the NAND flash 150 to the SDRAM 152, one page at a time, as a background task and / or on demand if necessary. . The secure hash function 454 may hash the retrieved page from the NAND flash 150 and provide a hash digest y 'for the retrieved page. Function 454 may implement the same secure hash algorithm used by secure hash function 254 of FIG. The verify function 458 can receive the hash digest y 'from the secure hash function 454 and the authenticated hash digest y for the retrieved page from the table 456. The verify function 458 can compare the two hash digests y 'and y and can declare the retrieved page as authenticated if the two digests match. The hash digest table 214 can be authenticated with the root public key r. The cryptographic properties of the secure hash algorithm ensure that the possibility of another page mapping to the same hash digest y is very small. Therefore, any alteration of the page by a third party can be easily detected due to inconsistencies between the two hash digests. If the hash digest matches, the retrieved page can be provided for use. The loading process can be interrupted and an error message can be provided if the hash digest does not match.

  FIGS. 2-4 show one design of NAND flash 150, which supports progressive boot of non-paged segment 210 and paged segment 220, stored in segments 210 and 220. Further support for code image authentication. In general, the NAND flash 150 can store a P code image in a P-paged segment and a Q code image in a non-Q paged segment, where P and Q are integer values of 1 or more. Can do. Code images from non-Q paged segments can be loaded from NAND flash 150 prior to enabling wireless device 100. Code images from P-paged segments can be loaded from NAND flash 150 after enabling wireless device 100.

  Security for code images stored in non-paged and paged segments can be implemented in various ways. In general, the security information used for authentication may comprise one or more certificates, digital signatures, hash digests, etc. The security information used to authenticate a code image from an unpaged segment (or just an unpaged code image) is, for example, in the unpaged segment, in the designated unpaged segment, Can be saved. Security information used to authenticate a code image from a paged segment (or just a paged code image) can be, for example, in that page segment, in another paged segment, in a non-paged segment, Can be saved. Security information can be provided for each page of the paged code image to allow each page to be loaded and authenticated separately. Security information can also be provided for the entire paged code image. In one design, one unpaged segment can store security information for all unpaged and paged segments, as described above. In another design, authentication can be performed in a daisy chain manner, with each segment storing security information about the next segment to be loaded. Authentication of unpaged code images and paged code images can also be performed in other ways.

  For clarity, the following description assumes the use of the structure shown in FIGS. 2-4 and that the NAND flash 150 includes an unpaged segment 210 and a paged segment 220. The non-paged segment 210 may include program code that supports basic functionality of the wireless device 100, code that supports progressive boot, and the like. The paged segment 220 can include the remaining program code for the wireless device 100.

  FIG. 5 shows a design of the first code image 212 stored in the unpaged segment 210 of the NAND flash 150. In this design, the first code image 212 includes a module 510 that supports progressive boot, driver 530, user interface (UI) code 540, and modem code 550.

  Within module 510, header 512 includes relevant information about NAND flash 150, such as, for example, the number of paged and unpaged segments, the starting address and size of each segment, the location of each segment header, etc. Can be included. A boot loader 514 can handle the loading of unpaged segments 210 from the NAND flash 150 to the SDRAM 152. The NAND driver 516 can retrieve pages from the NAND flash 150 and copy these pages to the SDRAM 152. The memory manager 518 can handle the loading of the paged segment 220 from the NAND flash 150 to the SDRAM 152 and can track which page of the second code image 222 has been loaded. The interrupt handler 520 can handle page faults due to memory access of the page of the second code image 222 that has not been loaded from the NAND flash 150. When a page fault occurs, the interrupt handler 520 can save the context of the current task, and then load the pager handler () to load the page or pages containing the requested page. pager handler) 522. The pager handler 522 can handle background and on-demand paging of the requested page of the second code image 222 from the NAND flash 150. The boot loader 514 and pager handler 522 can request the NAND driver 516 to retrieve specific pages from the NAND flash 150 and copy these pages to the SDRAM 152.

  The driver 530 can support input / output (I / O) devices such as a liquid crystal display (LCD), keypad, microphone, speaker, and the like. The UI code 540 may support various UI functions such as displaying animations on power-up, accepting keypad input, and displaying of pressed characters on the LCD. it can. The UI code 540 can provide a lifetime indication for the wireless device 100 and can accept user input so that the wireless device can be perceived as operable by the user. Modem code 550 may perform various functions to support wireless communication, eg, initialize transmitter 114 and receiver 116, search the wireless system, initiate and receive calls. And executing a process for calling (for example, encoding and decoding).

  FIG. 5 shows one design of an unpaged segment 210. Unpaged segment 210 may also include different and / or other modules not shown in FIG. For example, the non-paged segment 210 can include factory test code, wireless Binary Runtime Environment for Wireless (BREW) Application Execution Environment (AEEE) code, and the like.

  FIG. 6 shows a design of the SDRAM 152 in the wireless device 100 of FIG. The first code image 212 can be retrieved from the NAND flash 150 and stored in the SDRAM 152 during the first part of the progressive boot. Pages 0-N-1 of the second code image 222 can be retrieved in any order from the NAND flash 150 and stored in an appropriate location in the SDRAM 152 during the second part of the progressive boot.

  Background loading of the second code image 222 can begin after the first code image 212 is loaded into the SDRAM 152. For background loading, the N pages of the second code image 222 are retrieved one page at a time in sequential order from the NAND flash 150, authenticated, and stored at the corresponding location in the SDRAM 152. Can. The entire second code image 222 can be fully loaded into the SDRAM 152 in a specific amount of time, which can be referred to as secondary load time. Background loading can be given lower priority than other tasks performed by the wireless device 100. Thus, the secondary load time may be variable and depends on various factors such as, for example, the size of the second code image 222, the transfer rate between the NAND flash and the SDRAM 152, the amount of activity 100 in the wireless device 100, etc. Can depend on.

  While performing background loading, the page of the second code image 222 that has not yet been loaded can be accessed, and page defects can occur. The requested page can be loaded on demand from the NAND flash 150 and is provided for use. In one design, only the requested page is loaded from the NAND flash 150. In another design, the requested page and one or more near pages can be loaded from the NAND flash 150. This design avoids repeated page defects and thus improves performance. After completing the on-demand paging of the requested page, the background loading of the remaining pages of the second code image 222 can be resumed.

  The memory manager 518 can keep track of which pages of the second code image 222 have been loaded from the NAND flash 150. This information can be used to determine whether the requested page is stored in the SDRAM 152 or should be retrieved from the NAND flash 150. The load status of the page of the second code image 222 can be saved in various ways.

  FIG. 7 shows a design of a two-level structure 700 that can be used to determine whether a given page of second code image 222 is stored in SDRAM 152. In this design, the 32-bit memory address 702 may include bits 0-31 and may have an address range of 0-4 gigabytes (GB). The address range can be divided into 4096 sections, each address section covering 1 megabyte (MB). Each address section can cover 256 pages, and each page can be 4 KB.

  The structure 700 may include one main table 710 with 4096 entries for 4096 address sections, one entry for each address section. Structure 700 can further include one page table 720 for each address section. Each page table may contain 256 entries for 256 pages, one entry for each page.

  In one design, the main table and page table for the entire second code image 222 may be created and initialized prior to loading any page of the second code image 222. For example, one main table and 64 page tables can be created in SDRAM 152 to support virtual memory 64 MB for paging. Each entry in the main table can include a pointer to the start of the page table corresponding to that main table entry. The 256 entries in each page table are pre-determined to indicate that the 256 pages covered by these entries were not loaded into the SDRAM 152 (or do not have permission to access these 256 pages). Can be initialized to a value. When a page is loaded from NAND flash 150 to SDRAM 152, the page table covering that page can be checked, and the entry for that page is updated to indicate that the page has been loaded into SDRAM 152. Can be done.

  While the second code image 222 is being loaded from the NAND flash 150, each memory access of the SDRAM 152 can be checked to determine whether the requested page is stored in the SDRAM 152. The 12 most significant bits (MSBs) of the memory address for memory access can be used to access entries in the main table. The pointer from this main table entry can be used to determine the start of the page table for the address section covering the memory address. The 8 next MSBs of the memory address can be used to determine the page table entry for the page being accessed. This page table entry can be checked to determine if the page being accessed has been loaded into the SDRAM 152. When the page is loaded, the SDRAM 152 can be accessed to obtain the requested program code or data. If the page is not loaded, the interrupt handler 520 can be notified and the requested page can be loaded into the SDRAM 152.

  The main table and page table can be used to determine whether individual pages of the second code image 222 are loaded into the SDRAM 152. The indicator can be used to indicate whether all N pages of the second code image 222 have been loaded into the SDRAM 152. This indicator is initialized to one value (eg, 0) and can be set to another value (eg, 1) once all of the pages of the second code image 222 have been loaded into the SDRAM 152. After the entire second code image 222 is loaded, the main table and page table can be deleted.

  FIG. 7 shows a design of a structure 700 that determines whether a page of second code image 222 has been loaded into SDRAM 152. The structure 700 can be similar to the structure used for memory protection to keep track of which pages are accessible. Accordingly, the structure 700 can be implemented and updated in the same manner as the structure used for memory protection.

  Various other structures can also be used to track which pages of the second code image 222 have been loaded into the SDRAM 152. For example, a bitmap containing 1 bit for each page can be used. The bit for each page is set to one value (eg, 0) if the page is not loaded into SDRAM 152, or to another value (eg, 1) if the page is loaded. Can be set to

  FIG. 8 shows a design of a process 800 for programming a memory device, eg, while manufacturing or provisioning a phase, in accordance with an aspect of the present invention. The first security information may be generated based on the first code image and / or other information (block 812). Second security information may be generated based on the second code image (block 814). The first code image may be programmed into the memory device used for the wireless device (block 816). The first code image can be loaded from the memory device to boot the wireless device and enable the wireless device. The second code image can be programmed into the memory device (block 818). The second code image can be loaded from the memory device while the wireless device is operational to further or fully boot the wireless device. The first and second security information may be programmed into the memory device and used to authenticate the first and second code images, respectively (block 820).

  For block 814, the second code image can be divided into multiple pages and each page can be hashed with a secure hash algorithm to obtain a hash digest for that page. A table of hash digests for multiple pages can be generated and programmed into the memory device at block 820. For block 812, a digital signature may be generated based on a table of hash digests for the first code image, the private key, and the second code image. A certificate can be generated that includes a public key corresponding to the private key. The certificate and digital signature can be programmed into the memory device at block 820.

  FIG. 9 shows a design of a process 900 for performing a progressive boot of a wireless device at power up in accordance with an aspect of the present invention. The first code image can be loaded from external memory to boot the wireless device, eg, from NAND flash to SDRAM (block 912). First security information for the first code image may be obtained from external memory (block 914). The first code image may be authenticated based on the first security information (block 916). The wireless device may be enabled after loading and authenticating the first code image (block 918). While operational, the wireless device may process keypad input, establish a call using the wireless system, and so forth.

  To further boot the wireless device, the second code image can be loaded from external memory while the wireless device is operational (block 920). Second security information for the second code image may be obtained from external memory (block 922). The second code image can be authenticated based on the second security information (block 924). If authenticated, execution of the second code image may be enabled (block 926).

  For block 920, the second code image can be loaded as a background task and / or on demand while the wireless device is operational. For on-demand loading, memory accesses for the second code image page can be received. A predetermined number of pages of the second code image containing the page being accessed can be loaded from external memory in response to a memory access.

  The second code image can comprise multiple pages and it can be loaded one page at a time from external memory. At least one table may be maintained to keep track of loaded second code image pages and unloaded second code image pages. For example, a main table with multiple entries for multiple address ranges can be maintained. Multiple page tables for multiple address ranges can also be maintained, with one page table for each address range, and each page table includes multiple entries for multiple pages within the address range for that page table. . Each entry in the main table can contain a pointer to the corresponding page table. Each entry in the corresponding page table can indicate whether the associated page is loaded and accessible. The table (s) can be created before loading the second code image and deleted after loading the second code image.

  For block 916, the first security information may comprise a certificate and a digital signature. The certificate can be authenticated based on the root public key, and it can be securely stored on the wireless device. The first code image can be authenticated based on the digital signature and the public key from the certificate. For block 924, the second security information can comprise at least one hash digest, which can be authenticated based on the first security information. The second code image can be authenticated based on the at least one hash digest.

  FIG. 10 shows a design of process 1 for authenticating a code image in accordance with an aspect of the present invention. Process 1000 may be used for blocks 920-924 of FIG. Multiple pages of the code image can be retrieved from external memory, and the multiple pages are associated with separate security information (block 1012). The pages are one page at a time and in a predetermined order (eg, for background loading) or in a random order determined based on memory access for the pages of the code image (eg, For on-demand loading). Each page retrieved from external memory may be authenticated based on security information about the page (block 1014). In one design, a multi-page hash digest table can be retrieved from external memory and authenticated. Each retrieved page can be hashed based on a secure hash algorithm to obtain a hash digest generated for that page. If the generated hash digest matches the authenticated hash digest for the page, the retrieved page can be declared as authenticated, even if it is from the hash digest table. Good.

  FIG. 11 shows a block diagram of a design of programming station 1100 for NAND flash 150 in accordance with an aspect of the present invention. Programming station 1100 includes a controller / processor 1110, memory 1112, programming tool 1114, and database 1116. Controller / processor 1110 may perform the secure processing shown in FIG. 2 and further direct the operation of programming station 1100. Memory 1112 may store data and code used by controller / processor 1110. The programming tool 1114 can program the NAND flash 150, for example, as shown in FIG. Database 1116 can store code images to be programmed into NAND flash 150, encryption keys, and the like. Programming station 1100 may perform process 800 of FIG. 8 and / or other processes for programming memory.

  For clarity, the boot technique has been described for a memory configuration with NAND flash and SDRAM. Boot technology can also be used for other memory configurations and other types of memory. The boot technique can be further used for any number of non-paged code images and paged code images, any number of non-paged segments and paged segments, any page size, etc. .

  The boot technology described herein can provide certain advantages. Shorter perceptual boot times can be achieved for memory loads at power up. This can result in shorter factory test times since factory test code can be stored and loaded first in non-paged segments. Factory test code can rely on the initial loading of these codes and has a test equipment talk to the wireless device immediately after power-up, even if the wireless device did not finish the loading process be able to. A shorter perceptual boot time can reduce the amount of time that the user waits after power-up, thus improving the user experience.

  Those skilled in the art will appreciate that information and signals can be represented using any of a variety of different technologies and techniques. For example, data, commands, commands, information, signals, bits, symbols, and chips that can be referred to throughout the above description are voltages, currents, electromagnetic waves, magnetic fields or magnetic particles, optical or optical particles, or Can be represented by any combination of

  Those skilled in the art will appreciate that the various illustrative logic blocks, modules, circuits, and algorithm steps described in connection with the aspects disclosed herein are implemented as electronic hardware, computer software, or a combination of both. You will understand that you can. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. A skilled artisan can implement the described functionality in a variety of ways for each specific application, but such implementation decisions are interpreted as causing deviations from the scope of the present invention. Should not be done.

  The various illustrative logic blocks, modules and circuits described in connection with the disclosure herein are general purpose processors, digital signal processors (DSPs), application specific integrated circuits (ASICs), field programmable gate arrays (FPGAs). ) Or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. be able to. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be a combination of computing devices, eg, a DSP and microprocessor combination, multiple microprocessors, one or more microprocessors in combination with a DSP core, or any other such. It can be implemented as a simple configuration.

  The method or algorithm steps described in connection with the disclosure herein may be implemented directly in hardware, in a software module executed by a processor, or in a combination of the two. Software modules, RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, removable disk, CD-ROM or any other form of storage medium known in the art ( reside). An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may exist in the ASIC. The ASIC may exist in the user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.

  In one or more exemplary designs, the functions described may be implemented in hardware, software, and / or firmware, or any combination thereof. If implemented in software, the functions can be stored or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. Contains. A storage media may be any available media that can be accessed by a general purpose or special purpose computer. By way of example and not limitation, such computer readable media may be RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage. Magnetic storage devices or any other medium can also be provided, which are used to store or carry the desired program code means in the form of instructions or data structures And can be accessed by a general purpose or special purpose computer, or a general purpose or special purpose processor. Also, any connection is properly named a computer-readable medium. For example, the software can use websites, servers, or coaxial technologies, fiber optic cables, twisted pairs, digital subscriber lines (DSL), or wireless technologies such as infrared, wireless, and microwave. When transmitted from other remote sources that are in use, then coax, fiber optic cable, twisted pair, DSL, or radio technologies such as infrared, radio, and microwave are Included in the definition. As used herein, disk and disc are compact disc (CD), laser disc, optical disc, digital general purpose Discs include digital versatile discs (DVD), floppy disks, and blu-ray discs, and “disks” usually reproduce data magnetically. However, “discs” are optically reproduced by a laser. Combinations of the above should also be included within the scope of computer-readable media.

  The above description of the present disclosure is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to the present disclosure will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other variations without departing from the scope of the present disclosure. it can. Accordingly, this disclosure is not intended to be limited to the examples and designs described herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (53)

A processor configured to program first and second code images into a memory device used in the wireless device;
The first code image is loaded from the memory device to boot the wireless device and enable the wireless device, and the second code image further includes the wireless device Loaded from the memory device while the wireless device is operational to boot,
apparatus.   The processor is configured to generate first security information based on the first code image, to generate second security information based on the second code image, and to the memory device Configured to program first and second security information, wherein the first and second security information are used to authenticate the first and second code images, respectively. The apparatus of claim 1.   The processor generates a digital signature based on the first code image and a private key, generates a certificate including a public key corresponding to the private key, and the memory device The apparatus of claim 1, wherein the apparatus is configured to program the certificate and the digital signature.   The processor hashes the plurality of pages to hash each of the plurality of pages to obtain a hash digest for the page so as to divide the second code image into a plurality of pages. The apparatus of claim 3, configured to generate a table of digests and to program the table of hash digests into the memory device.   The apparatus of claim 4, wherein the processor is configured to generate the digital signature further based on the table of hash digests. Programming a first code image into a memory device used for the wireless device, wherein the first code image is used to boot the wireless device and enable the wireless device. Loaded from;
Programming a second code image into the memory device, wherein the second code image is read from the memory device while the wireless device is operable to further boot the wireless device. Loaded;
A method comprising: Generating first security information based on the first code image;
Generating second security information based on the second code image;
Programming the first and second security information in the memory device;
The method of claim 6, wherein the first and second security information are used to authenticate the first and second code images, respectively.   Generating the first security information generates a digital signature based on the first code image and a private key and generates a certificate including a public key corresponding to the private key. And programming the first and second security information comprises programming the certificate and the digital signature in the memory device. Method.   Generating the second security information includes dividing the second code image into a plurality of pages; hashing each of the plurality of pages to obtain a hash digest for the page; Generating a table of hash digests for the plurality of pages, and programming the first and second security information comprises programming the table of hash digests in the memory device. The method of claim 7 comprising. Means for programming a first code image into a memory device used for the wireless device, wherein the first code image is used to boot the wireless device and enable the wireless device; Loaded from a memory device;
Means for programming a second code image in the memory device, wherein the second code image is stored in the memory while the wireless device is operable to further boot the wireless device. Loaded from the device;
A device equipped with. Means for generating first security information based on the first code image;
Means for generating second security information based on the second code image;
Means for programming the first and second security information into the memory device;
The apparatus of claim 10, further comprising: the first and second security information being used to authenticate the first and second code images, respectively.   The means for generating the first security information includes means for generating a digital signature based on the first code image and a private key, and a certificate including a public key corresponding to the private key Means for generating a certificate, and means for programming the first and second security information comprises means for programming the certificate and the digital signature in the memory device. The apparatus of claim 11, comprising:   The means for generating the second security information includes means for dividing the second code image into a plurality of pages, and hashing each of the plurality of pages to obtain a hash digest for the page. And means for generating a hash digest table for the plurality of pages, wherein the means for programming the first and second security information is stored in the memory device. The apparatus of claim 11, comprising means for programming the table of hash digests. A memory controller configured to load a first code image from external memory to boot the wireless device;
A main controller configured to enable the wireless device after loading the first code image, and wherein the memory controller operates the wireless device to further boot the wireless device; While being possible, further configured to load a second code image from the external memory;
A device comprising:   The apparatus of claim 14, wherein the memory controller is configured to load the second code image as a background task while the wireless device is operational. The memory controller is
Receiving a memory access for a page of the second code image;
Loading a predetermined number of pages of the second code image containing the page being accessed from the external memory in response to the memory access;
15. The apparatus of claim 14, wherein the apparatus is configured.   The memory controller obtains first security information about the first code image from the external memory, and authenticates the first code image based on the first security information. The apparatus of claim 14, wherein the main controller is configured to enable the wireless device if the first code image is authenticated.   The first security information includes a certificate and a digital signature, and the memory controller authenticates the certificate based on a root public key so that the digital signature and the public key from the certificate are authenticated. The apparatus of claim 17, wherein the apparatus is configured to authenticate the first code image based on: The memory controller is
So as to obtain second security information about the second code image from the external memory;
Authenticating the second code image based on the second security information;
If authenticated, to enable execution of the second code image,
It is configured,
The apparatus of claim 17.   The second security information comprises at least one hash digest, the memory controller authenticates the at least one hash digest based on the first security information, and the at least one hash digest The apparatus of claim 19, configured to authenticate the second code image based on a hash digest.   The second code image includes a plurality of pages, and the memory controller is configured to load the plurality of pages of the second code image one page at a time from the external memory. The device of claim 14.   The memory controller is configured to maintain at least one table indicating pages of the second code image loaded from the external memory and pages of the second code image not loaded. The apparatus of claim 21.   The memory controller creates the at least one table before loading the second code image, and deletes the at least one table after loading the second code image. 23. The apparatus of claim 22, wherein the apparatus is configured.   The memory controller is configured to hold a multiple page table for the multiple address range to hold a main table with multiple entries for multiple address ranges, one page for each address range. 22. The apparatus of claim 21, wherein there is a table and each page table includes multiple entries for multiple pages within the address range for the page table.   25. The apparatus of claim 24, wherein each entry in the main table includes a pointer to a corresponding page table, and each entry in the corresponding page table indicates whether a related page is accessible.   The external memory is a NAND flash memory, and the memory controller is configured to load the first and second code images from the NAND flash to a synchronous dynamic random access memory (SDRAM). The apparatus according to claim 14.   The apparatus of claim 14, wherein while operable, the wireless device is capable of at least one of processing a keypad input and establishing a call with a wireless communication system. Loading a first code image from external memory to boot a wireless device;
Enabling the wireless device after loading the first code image;
Loading a second code image from the external memory while the wireless device is operable to further boot the wireless device;
A method comprising:   30. The method of claim 28, wherein loading the second code image comprises loading the second code image as a background task while the wireless device is operational. Loading the second code image includes
Receiving a memory access for a page of the second code image;
Loading a predetermined number of pages of the second code image containing the page being accessed from the external memory in response to the memory access;
30. The method of claim 28, comprising: Obtaining from the external memory first security information about the first code image;
Authenticating the first code image based on the first security information;
29. The method of claim 28, further comprising: enabling the wireless device to operate if the first code image is authenticated. The first security information includes a certificate and a digital signature, and authenticating the first code image includes:
Authenticating the certificate based on a root public key;
Authenticating the first code image based on the digital signature and a public key from the certificate;
32. The method of claim 31 comprising: Obtaining second security information about the second code image from the external memory;
Authenticating the second code image based on the second security information;
If authenticated, enabling execution of the second code image;
32. The method of claim 31, further comprising: The second security information includes at least one hash digest, and authenticating the second code image includes:
Authenticating the at least one hash digest based on the first security information;
Authenticating the second code image based on the at least one hash digest;
24. The method of claim 23, comprising: Means for loading a first code image from external memory to boot a wireless device;
Means for enabling the wireless device after loading the first code image;
Means for loading a second code image from the external memory while the wireless device is operable to further boot the wireless device;
A device comprising: Means for obtaining first security information about the first code image from the external memory;
Means for authenticating the first code image based on the first security information;
36. The apparatus of claim 35, further comprising: the wireless device is enabled if the first code image is authenticated. The first security information includes a certificate and a digital signature, and means for authenticating the first code image includes:
Means for authenticating the certificate based on a root public key;
Means for authenticating the first code image based on the digital signature and a public key from the certificate;
37. The apparatus of claim 36, comprising: Means for obtaining second security information about the second code image from the external memory;
Means for authenticating the second code image based on the second security information;
Means for enabling execution of said second code image if authenticated;
37. The apparatus of claim 36, further comprising: The second security information comprises at least one hash digest, and the means for authenticating the second code image comprises:
Means for authenticating the at least one hash digest based on the first security information;
Means for authenticating the second code image based on the at least one hash digest;
40. The apparatus of claim 38, comprising: A computer program product,
Code for causing a computer to load a first code image from external memory to boot a wireless device;
Code for enabling a wireless device to operate on a computer after loading the first code image;
Code for causing a computer to load a second code image from the external memory while the wireless device is operable to further boot the wireless device;
A computer-readable medium comprising:
A computer program product comprising: The computer-readable medium is
Code for causing the computer to obtain first security information about the first code image from the external memory;
A code for causing the computer to authenticate the first code image based on the first security information;
If the first code image is authenticated, a code for enabling the computer to operate the wireless device;
41. The computer program product of claim 40, further comprising: The computer-readable medium is
Code for causing the computer to obtain second security information about the second code image from the external memory;
A code for causing the computer to authenticate the second code image based on the second security information;
If authenticated, code for enabling the computer to execute the second code image;
42. The computer program product of claim 41, further comprising: Still, the plurality of pages are associated with separate security information so as to retrieve a plurality of pages of the code image from an external memory;
Authenticate each page retrieved from the external memory based on security information about the page; j
Configured memory controller,
A device equipped with.   The security information for each page of the code image includes a hash digest, and for each page retrieved from the external memory, the memory controller uses a secure hash algorithm to obtain the generated hash digest. Hash the retrieved page based on and declare the retrieved page as authenticated if the generated hash digest matches an authenticated hash digest for the page 44. The apparatus of claim 43, configured as follows. The memory controller is
The security information for each page of the code image includes a hash digest in the table of hash digests so as to retrieve a table of hash digests for the plurality of pages of the code image from the external memory. Is;
To authenticate the table of hash digests;
Authenticating the plurality of pages of the code image based on the table of the authenticated hash digest;
44. The apparatus of claim 43, wherein the apparatus is configured.   44. The apparatus of claim 43, wherein the memory controller is configured to retrieve the plurality of pages of the code image from the external memory in a predetermined order one page at a time.   The memory controller is configured to search the plurality of pages of the code image in a random order determined based on memory accesses for the pages of the code image, one page at a time. Item 44. The apparatus according to Item 43. Retrieving a plurality of pages of the code image from an external memory, wherein the plurality of pages are associated with separate security information;
Authenticating each page retrieved from the external memory based on security information about the page;
A method comprising: The security information for each page of the code image includes a hash digest, and authenticating each page retrieved from the external memory includes:
Hashing the retrieved page based on a secure hash algorithm to obtain a generated hash digest;
Declaring the retrieved page as authenticated if the generated hash digest matches an authenticated hash digest for the page;
49. The method of claim 48, comprising: Retrieving a table of hash digests for the plurality of pages of the code image from the external memory, wherein the security information for each page of the code image comprises a hash digest in the table of hash digests. Is;
Authenticating the table of hash digests, wherein each page retrieved from the external memory is authenticated based on the hash digest authenticated for the page;
49. The method of claim 48, further comprising: Means for retrieving a plurality of pages of the code image from an external memory, wherein the plurality of pages are associated with separate security information;
Means for authenticating each page retrieved from the external memory based on security information about the page;
A device equipped with. The security information for each page of the code image includes a hash digest, and means for authenticating each page retrieved from the external memory includes:
Means for hashing the retrieved page based on a secure hash algorithm to obtain a generated hash digest;
Means for declaring the retrieved page as authenticated if the generated hash digest matches an authenticated hash digest for the page;
52. The apparatus of claim 51, comprising: Means for retrieving a hash digest table for the plurality of pages of the code image from the external memory, wherein the security information for each page of the code image is stored in the hash digest table in the hash digest. Has;
Means for authenticating the table of hash digests, and wherein each page retrieved from the external memory is authenticated based on the hash digest authenticated for the page;
52. The apparatus of claim 51, further comprising:

Images